A problem with known methods for consuming contents relates to the fact that most content consuming devices today are not provided with a user identity module, e.g., a subscriber identity module (SIM). This is often the case with common consumer devices, e.g., PC, TV, movable media player. A simple solution would be, at content purchase time when user identity is provided for charging purposes, to also indicate the identity of the consuming device(s). But this is not always feasible as the user may not know in advance on which device(s) the purchased content will be played. Also, indicating device identities may be disadvantageous in terms of usability.
Another way to link device to user is for the service provider to maintain a database recording the relationship between users and devices. But in order to keep such a database up-to-date, the user has to inform the service provider each time a new device is bought or an old device discarded, which puts a heavy burden on the user. Furthermore, the static database is not able to support use cases where the user temporarily makes use of a foreign device (e.g. TV in a hotel room) to play content.
Yet another solution is to issue a token to the user after he or she is successfully authenticated. Such a token contains the authenticated user identity and must be presented to the DRM server for license acquisition. A drawback of this token-based solution is that, since anyone who gets hold of the token (or a copy of it) can acquire licenses under the user's name, the token must be distributed in a secure way. Of course the token itself must also be authenticity/integrity protected so that no one can fake a token or change the user identity contained in it.
Thus, there is a need for method and arrangement that overcomes many of the disadvantages of known methods to provide and charge for contents for consumption at a user device.